Offensive Security Associate

**_Overview_**: Echelon Risk + Cyber is seeking an Offensive Security Associate to join our team. Your role and responsibilities will include the execution of client assessments and audits ranging from a common penetration test to an advanced adversarial emulation exercise. In addition to our client-facing activities, you will be expected to engage and contribute to research and development projects into new attack tactics, techniques, and procedures (TTPs) as well. Our Offensive security team values teamwork and cohesion and operates under a "can you do the job, will you do the job, and will you fit in" model. We believe passion in security is paramount and those who strive to improve their knowledge in this field will grow quickly in our practice.Work will be performed in a consultative manner with clients of various industries, sizes, and makeup.**_ What You Will Do (Responsibilities)_**:- Assist in executing security assessments and audits to include, penetration testing (internal, external, web, wireless, physical), adversarial emulation exercises (red teams), social engineering exercises, and other offensive security-related exercises to improve a client's overall security posture.- Build and maintain technical knowledge of adversarial activity to emulate similar TTPs during security assessments.- Use resourceful thinking to identify and exploit security vulnerabilities usually missed by automated tools- Contribute detail-oriented documentation on findings, observations, remediation steps, and/or mitigation recommendations in the form of Word and/or PowerPoint reports.- Find ways to improve your tradecraft and knowledge in the adversarial simulation space- Provide innovative techniques and perspectives to continually enhance internal processes and capabilities- Contribute to internal research projects- Assist leadership with the creation of proposals, work plans, and other business development efforts- Produce thought leadership for the organization's website blog on a regular basis- Actively be involved in the cybersecurity community**_Requirements_**:- University degree in a relevant IT or Cyber Security field- Internship experience in relevant field preferred. Upcoming college graduate will be considered to start part time and transition to full time upon graduation.- Strong problem-solving skills and attention to detail in the technical space- Basic knowledge of Linux (Debian preferred) and Windows operating systems.- Basic knowledge in any of the following programming/scripting languages: Python, Bash, PowerShell, C, C#, C++, Java, Perl- Considers communication style based on audience- ability to communicate highly technical findings to a non-technical audience clearly- Strong attention to detail and superior analytical, technical, and problem solving skills- Proficiency in English, both written and verbal- ** Only resumes submitted in English will be considered**:- Authorized to work in Mexico**_ Bonus Qualifications_**:- A relevant Offensive Security Certification: eJPT, OSCP, etc.- Active engagement in a Penetration Testing training environmentThe above statements are intended to describe the general nature and level of work being performed by people assigned to the job. They are not intended to be an all-encompassing list of all responsibilities, duties, and skills required of personnel so classified. Reasonable accommodations to essential functions of the job will be made if necessary.We currently offer the following benefits:- Access to private medical insurance through Axa- Life insurance policy via Sura Seguros- 30-day Christmas bonus and a monthly technology stipend- Contribution of 8% of the employee's salary to a savings fund- Vacations according to federal law- Flexible time off policy that allows you to manage your schedule and rest and recharge when you need to- Family-friendly benefits, including 16 weeks off for Maternity leave, 8 weeks off for non-birthing parent leave, and employer-paid short-term and long-term disability.- Support on individual development through certifications, continued learning, conferences, and more.We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.